Axios: A Major Supply Chain Attack Unveiled

In a startling development, two malicious versions of axios, a widely used JavaScript HTTP client library, were published on npm on March 31, 2026. The versions, v1.14.1 and v0.30.4, were available for a brief period before being removed, following their discovery by security analysts. This incident has raised alarms within the software development community, particularly given axios’s popularity, boasting over 100 million weekly downloads.

The immediate circumstances surrounding the attack reveal that the malicious versions were published using compromised credentials of a lead axios maintainer. This breach allowed the attacker to inject a malicious package, plain-crypto-js@4.2.1, as a dependency, designed to evade detection by appearing legitimate. The attack was pre-staged for approximately 18 hours before the malicious versions went live, indicating a level of sophistication rarely seen in such supply chain attacks.

The malicious versions were live for 2 hours and 53 minutes (v1.14.1) and 2 hours and 15 minutes (v0.30.4). The attack involved a cross-platform Remote Access Trojan (RAT) that targeted macOS, Windows, and Linux systems. The RAT dropper executed a postinstall script that contacted a command-and-control server, potentially compromising every environment that installed one of the affected versions.

Key moments

Despite the swift removal of the malicious packages, the attack resulted in observed execution in 3% of affected environments, a concerning statistic given the extensive use of axios across various cloud and code environments—approximately 80% of which utilize this library. The incident underscores the vulnerabilities that can arise from compromised maintainer accounts, as the attacker changed the maintainer’s email to an anonymous ProtonMail address, further complicating recovery efforts.

The detection of the attack was facilitated by StepSecurity’s AI Package Analyst and Harden-Runner tools, which are employed in over 12,000 public repositories. Their ability to identify the anomalous connection—marked because it had never appeared in any prior workflow run—was crucial in mitigating the potential damage.

Security experts have characterized this incident as among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package. The implications of this attack extend beyond axios itself, as it highlights the critical need for organizations to audit their environments for potential execution of these malicious versions. As one expert noted, “There are zero lines of malicious code inside axios itself, and that’s exactly what makes this attack so dangerous.”
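One way to perform the audit the experts call for, added here as an example that is not part of the original article: a script that checks an npm package-lock.json for the two pulled axios versions and the injected plain-crypto-js dependency named above. It assumes npm's lockfile shapes (v1 nested "dependencies", v2/v3 flat "packages") and embeds a constructed sample lockfile; because the postinstall script runs at install time, a hit means the environment should be treated as potentially compromised, not merely pinned to a clean version.

```javascript
// Added example, not code from the original article or from the axios project.
// Indicators are the package versions named in the write-up; the lockfile below is constructed.
const INDICATORS = {
  axios: new Set(["1.14.1", "0.30.4"]),
  "plain-crypto-js": new Set(["4.2.1"]),
};

// Flatten a package-lock.json into { name, version, path } records.
// Handles lockfile v2/v3 ("packages" keyed by node_modules path) and v1 (nested "dependencies").
function collectPackages(lock) {
  const found = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project entry, not a dependency
      // Works for scoped names too: ".../node_modules/@scope/name" -> "@scope/name"
      const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
      found.push({ name, version: meta.version, path });
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps)) {
      const path = `${prefix}node_modules/${name}`;
      found.push({ name, version: meta.version, path });
      walk(meta.dependencies || {}, `${path}/`);
    }
  };
  walk(lock.dependencies || {}, "");
  return found;
}

// Return every installed package whose name and exact version match an indicator.
function auditLockfile(lock) {
  return collectPackages(lock).filter(
    (p) => INDICATORS[p.name] !== undefined && INDICATORS[p.name].has(p.version)
  );
}

// Constructed sample: a v3 lockfile that resolved the pulled release and its injected dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/axios/node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/lodash": { version: "4.17.21" },
  },
};

const HITS = auditLockfile(SAMPLE_LOCK);
for (const h of HITS) console.log(`INDICATOR ${h.name}@${h.version} at ${h.path}`);
```

Point the script at a real lockfile by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; any hit should trigger the incident-response steps the article describes, since the lockfile only shows what was resolved, not whether the postinstall already ran.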

In the wake of this incident, organizations are urged to take immediate action to safeguard their development environments. The attack serves as a stark reminder of the vulnerabilities inherent in software supply chains and the importance of maintaining robust security practices. As the development community continues to grapple with the fallout from this event, the lessons learned will likely shape future approaches to software security.